CVE-2016-2275

The web interface on Advantech/B+B SmartWorx VESP211-EU devices with firmware 1.7.2 and VESP211-232 devices with firmware 1.5.1 and 1.7.2 relies on the client to implement access control, which allows remote attackers to perform administrative actions via modified JavaScript code.
Severity
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
advantechvesp211-eu_firmware
1.7.2
advantechvesp211-232_firmware
1.5.1
advantechvesp211-232_firmware
1.7.2
𝑥
= Vulnerable software versions